US7716741B2 - Method and system for offloading real-time virus scanning during data transfer to storage peripherals
- Publication number
- US7716741B2
- Authority
- US
- United States
- Prior art keywords
- virus
- file
- device driver
- scan
- perform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Definitions
- The present invention relates to data processing systems and, in particular, to real-time scanning of files by anti-virus software. Still more particularly, the present invention provides a method and system for checking for viruses by adding a virus scanning capability to the peripheral storage controller or data transfer controllers in a data processing system.
- The present invention provides a method, system, and computer program product for checking for viruses by adding a virus scanning capability to a data transfer device.
- A real-time virus checker is stored on a controller.
- The virus checker scans data as it is being written to a file. If a virus is detected, the suspected file is flagged. Anti-virus software is then invoked to perform a scan of the entire suspected file. In this manner, demands on CPU resources to perform scans will be greatly reduced as only those files marked as possibly containing a virus need to be scanned, rather than scanning all the files on the entire data transfer device.
- FIG. 1 is a pictorial representation of a data processing system in which the present invention may be implemented in accordance with a preferred embodiment of the present invention.
- FIG. 2 is a block diagram of a data processing system in which the present invention may be implemented according to a preferred embodiment of the present invention.
- FIG. 3 is a block diagram of a controller with embedded input/output (IO) processors in accordance with a preferred embodiment of the present invention.
- FIG. 4 is a flowchart that illustrates a method for checking for viruses in accordance with a preferred embodiment of the present invention.
- Computer 100 includes system unit 102, video display terminal 104, keyboard 106, storage devices 108, which may include floppy drives and other types of permanent and removable storage media, and mouse 110. Additional input devices may be included with personal computer 100, such as, for example, a joystick, touchpad, touch screen, trackball, microphone, and the like.
- Computer 100 can be implemented using any suitable computer, such as an IBM eServer computer or IntelliStation computer, which are products of International Business Machines Corporation, located in Armonk, N.Y. Although the depicted representation shows a computer, other embodiments of the present invention may be implemented in other types of data processing systems, such as a network computer. Computer 100 also preferably includes a graphical user interface (GUI) that may be implemented by means of systems software residing in computer readable media in operation within computer 100.
- Data processing system 200 is an example of a computer, such as computer 100 in FIG. 1, in which code or instructions implementing the processes of the present invention may be located.
- Data processing system 200 employs a peripheral component interconnect (PCI) local bus architecture.
- Processor 202 and main memory 204 are connected to PCI local bus 206 through PCI bridge 208.
- PCI bridge 208 also may include an integrated memory controller and cache memory for processor 202.
- Connections to PCI local bus 206 may be made through direct component interconnection or through add-in connectors.
- Local area network (LAN) adapter 210, small computer system interface (SCSI) host bus adapter 212, and expansion bus interface 214 are connected to PCI local bus 206 by direct component connection.
- Audio adapter 216, graphics adapter 218, and audio/video adapter 219 are connected to PCI local bus 206 by add-in boards inserted into expansion slots.
- Expansion bus interface 214 provides a connection for a keyboard and mouse adapter 220, modem 222, and additional memory 224.
- SCSI host bus adapter 212 provides a connection for hard disk drive 226, tape drive 228, and CD-ROM drive 230.
- Typical PCI local bus implementations will support three or four PCI expansion slots or add-in connectors.
- An operating system runs on processor 202 and is used to coordinate and provide control of various components within data processing system 200 in FIG. 2.
- The operating system may be a commercially available operating system such as Windows XP, which is available from Microsoft Corporation.
- An object oriented programming system such as Java may run in conjunction with the operating system and provides calls to the operating system from Java programs or applications executing on data processing system 200. "Java" is a trademark of Sun Microsystems, Inc. Instructions for the operating system, the object-oriented programming system, and applications or programs are located on storage devices, such as hard disk drive 226, and may be loaded into main memory 204 for execution by processor 202.
- The hardware in FIG. 2 may vary depending on the implementation.
- Other internal hardware or peripheral devices, such as flash read-only memory (ROM), equivalent nonvolatile memory, or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIG. 2.
- The processes of the present invention may be applied to a multiprocessor data processing system.
- Data processing system 200 may not include SCSI host bus adapter 212, hard disk drive 226, tape drive 228, and CD-ROM 230.
- The computer, to be properly called a client computer, includes some type of network communication interface, such as LAN adapter 210, modem 222, or the like.
- Data processing system 200 may be a stand-alone system configured to be bootable without relying on some type of network communication interface, whether or not data processing system 200 comprises some type of network communication interface.
- Data processing system 200 may be a personal digital assistant (PDA), which is configured with ROM and/or flash ROM to provide non-volatile memory for storing operating system files and/or user-generated data.
- Data processing system 200 also may be a notebook computer or hand held computer in addition to taking the form of a PDA.
- Data processing system 200 also may be a kiosk or a Web appliance.
- The instructions executed by processor 202 may be located in a memory such as, for example, main memory 204, memory 224, or in one or more peripheral devices 226-230.
- Controller 310 receives IO requests from host driver 302 and performs IO operations on bus 350.
- Host driver 302 may be any driver that requests IO operations on controller 310.
- The host driver is a software device driver running in an instance of the operating system of a server, which has been modified to accept flags and to invoke an anti-virus program.
- The controller may be any data transfer device, such as, but not limited to, SCSI, Infiniband, IDE, Fibrechannel, Floppy Drive, Firewire, USB or serial ATA controller.
- Controller 310 uses embedded firmware 316 running on several different embedded processors.
- One of the processors is IO processor (IOP) 314, which is a control processor that receives IO requests from the host driver and routes the IO to an appropriate lower level processor.
- The lower level processors include context manager (CTX) processors 324, 334, 344.
- Host driver 302 may send IO requests to IOP 314 using a message-based interface (MPT).
- The host driver posts request IO message frames to controller 310 via request queue 312. These IO message frames sit in a first in, first out (FIFO) queue waiting to be processed by the IOP.
- The IOP also routes IO messages to CTX processors 324, 334, 344 via queues 322, 332, 342, respectively.
- The CTX processors receive IO messages on the queues.
- CTX processors 324, 334, 344 then process the IO messages and drive data onto bus 350 via drivers 326, 336, 346.
- CTX processors 324, 334, 344 drive the data onto the bus using the specifications of the bus. For example, if the controller is a SCSI controller, then the CTX processors drive data onto the bus using SCSI specifications.
- Controller 310 includes embedded firmware 316 within IOP 314.
- A real-time virus checker 318 contained in firmware 316 checks the data that is being requested to be written through use of a virus dictionary.
- The virus checker could also check the data utilizing heuristic techniques (behavior detection) or a combination of both heuristic techniques and a virus dictionary. If a virus is detected, then the file associated with the data to be written is flagged. The flagging can be accomplished in various ways such as, but not limited to, by using an OS level write command or a file descriptor table. This information is then communicated back to host driver 302. Host driver 302 then invokes an anti-virus program which can examine the entire file.
- FIG. 4 is a flowchart that illustrates a method for checking for viruses in accordance with a preferred embodiment of the present invention.
- The method begins when an IO data transfer request is received by IOP 314 from request queue 312 (step 402). A determination is made as to whether the request is a request to write data (step 404). If the request is not a request to write data (no output of step 404), then the request is processed as normal (step 406). If the request is determined to be a write request (yes output of step 404), then a real-time virus checker 318 contained in firmware 316 is executed (step 408).
- The real-time virus checker scans the data to be written against a virus dictionary and/or by using heuristic techniques, and a determination is made as to whether or not a virus is detected (step 410). If no virus is detected (no output of step 410), then the request is processed as normal (step 412). If a virus is detected (yes output of step 410), then firmware 316 flags the file associated with the data to be written and communicates back to host driver 302 (step 414), which then invokes an anti-virus program (step 416). A dynamic link library (dll) file is used to tell the anti-virus program which file to scan, and then the anti-virus program performs a complete examination of the flagged file (step 418). The IO request is then processed (step 420) and the method ends.
- FIG. 4 is exemplary only and may be modified in various ways depending on particular implementations.
- The anti-virus program can be instructed to scan the proper file in various ways, including, but not limited to, programmatically by using a programming language command.
- The present invention solves the disadvantages of the prior art by providing a real-time virus scanning capability in a data transfer device.
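The FIG. 4 write path described above, sketched as an added example that is not code from the patent. The names (`handle_request`, `submit`), the file-id field in the frame, and the two placeholder patterns are assumptions; the carried tail, which catches a pattern split across consecutive write frames, goes beyond what the text describes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FILES 8
#define MAX_SIG   16                 /* longest dictionary entry, in bytes */
#define TAIL_MAX  (MAX_SIG - 1)
enum io_op { IO_READ, IO_WRITE };
/* One message frame; assumption: it names the file it belongs to. */
struct io_request { enum io_op op; int file_id; const unsigned char *data; size_t len; };
/* Per-file firmware state: the last bytes already written, and the flag. */
struct file_state { unsigned char tail[TAIL_MAX]; size_t tail_len; int flagged; };

/* Constructed placeholder patterns, not real malware signatures. */
static const char *const dictionary[] = { "EXAMPLE-SIG-A", "TESTPATTERN-B" };
static struct file_state files[MAX_FILES];
static int host_notifications;       /* stands in for the message to the host driver */

static int match_any(const unsigned char *buf, size_t n)
{
    for (size_t s = 0; s < sizeof dictionary / sizeof dictionary[0]; s++) {
        size_t m = strlen(dictionary[s]);
        for (size_t i = 0; i + m <= n; i++)
            if (memcmp(buf + i, dictionary[s], m) == 0)
                return 1;
    }
    return 0;
}

/* Step 410, assuming in-order writes; the tail lets a pattern split across frames match. */
static int scan_write(struct file_state *fs, const struct io_request *rq)
{
    unsigned char window[2 * TAIL_MAX];
    size_t head = rq->len < TAIL_MAX ? rq->len : TAIL_MAX;
    size_t wlen = fs->tail_len + head;
    memcpy(window, fs->tail, fs->tail_len);
    memcpy(window + fs->tail_len, rq->data, head);
    int hit = match_any(rq->data, rq->len) || match_any(window, wlen);
    /* New tail: the end of this frame if it is long enough, else the end of tail + frame. */
    int is_long = rq->len >= TAIL_MAX;
    const unsigned char *end = is_long ? rq->data + rq->len : window + wlen;
    size_t avail = is_long ? rq->len : wlen;
    size_t keep = avail < TAIL_MAX ? avail : TAIL_MAX;
    memcpy(fs->tail, end - keep, keep);
    fs->tail_len = keep;
    return hit;
}

/* Steps 402-420. Returns 1 when this request matched the dictionary. */
int handle_request(const struct io_request *rq)
{
    if (rq->op != IO_WRITE || rq->file_id < 0 || rq->file_id >= MAX_FILES)
        return 0;                    /* step 406: not a scannable write */
    struct file_state *fs = &files[rq->file_id];
    int hit = scan_write(fs, rq);    /* steps 408-410 */
    if (hit && !fs->flagged) {       /* step 414; one notification per file is this sketch's choice */
        fs->flagged = 1;
        host_notifications++;        /* host driver would start the full scan (steps 416-418) */
    }
    return hit;                      /* steps 412/420: the IO is processed either way */
}

int submit(enum io_op op, int file_id, const char *s)   /* helper for the demo */
{
    struct io_request rq = { op, file_id, (const unsigned char *)s, strlen(s) };
    return handle_request(&rq);
}

int main(void)
{
    submit(IO_WRITE, 1, "hello EXAMPLE-");              /* pattern starts in one frame */
    int hit = submit(IO_WRITE, 1, "SIG-A world");       /* and completes in the next */
    printf("hit=%d flagged=%d notified=%d\n", hit, files[1].flagged, host_notifications);
    return 0;
}
```

Without the per-file tail, a dictionary scan that looks at each frame in isolation misses any pattern that happens to fall on a frame boundary, which is why the full-file scan by the host anti-virus program remains the authoritative check.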
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/034,266 US7716741B2 (en) | 2005-01-12 | 2005-01-12 | Method and system for offloading real-time virus scanning during data transfer to storage peripherals |
Publications (2)
Publication Number | Publication Date |
---|---|
US20060156405A1 | 2006-07-13 |
US7716741B2 | 2010-05-11 |
Family
ID=36654884
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/034,266 Active 2029-03-13 US7716741B2 (en) | 2005-01-12 | 2005-01-12 | Method and system for offloading real-time virus scanning during data transfer to storage peripherals |
Country Status (1)
Country | Link |
---|---|
US (1) | US7716741B2 (en) |
Legal Events
Code | Title | Description |
---|---|---|
AS | Assignment | Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FORMAN, IRA R.;HOLLOWAY, LANE THOMAS;MALIK, NADEEM;AND OTHERS;REEL/FRAME:015754/0049 Effective date: 20041110 Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION,NEW YO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FORMAN, IRA R.;HOLLOWAY, LANE THOMAS;MALIK, NADEEM;AND OTHERS;REEL/FRAME:015754/0049 Effective date: 20041110 |
FEPP | Fee payment procedure | Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
STCF | Information on status: patent grant | Free format text: PATENTED CASE |
REMI | Maintenance fee reminder mailed | |
AS | Assignment | Owner name: TWITTER, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:032075/0404 Effective date: 20131230 |
FPAY | Fee payment | Year of fee payment: 4 |
SULP | Surcharge for late payment | |
FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.) |
FEPP | Fee payment procedure | Free format text: 7.5 YR SURCHARGE - LATE PMT W/IN 6 MO, LARGE ENTITY (ORIGINAL EVENT CODE: M1555) |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552) Year of fee payment: 8 |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |
AS | Assignment | Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:062079/0677 Effective date: 20221027 Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:061804/0086 Effective date: 20221027 Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: SECURITY INTEREST;ASSIGNOR:TWITTER, INC.;REEL/FRAME:061804/0001 Effective date: 20221027 |